WTH! Yahoo faces security breach AGAIN

Yahoo is in deep trouble kudos to the number of security breach incidents that the company has reported so far. After reporting a major security breach in its extensive database in September this year, Yahoo has reported yet another breach and this time around it’s bigger than before.

Apparently, the company has reported another security breach that took place in 2013, a year before the security breach involving 500 million accounts took place. The breach that the company reported on December 14, 2016, has affected 1 billion user accounts.

What exactly happened?
In November, Yahoo said that it was analysing the data it got from the law enforcement agencies wherein a third party claimed that it was all Yahoo user data. The company analysed this data taking assistance from the outside forensic experts and found that claims made by the third party were indeed true.

“Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts,” Yahoo said in a statement. The company further added that it hasn’t been able to identify ‘intrusion associated with this theft’.

The company also reported that an unauthorised third party forged cookies to gain access to Yahoo user accounts without using passwords. Yahoo has identified the accounts for which the breach was made and has notified the concerned users. The company now suspects that the people responsible for this breach are the same state-sponsored (rumours suggest that they were Russian hackers) actors who caused the breach reported in September this year.

What happened in 2014 security breach?
Yahoo had reported a massive breach of user data on September 22, 2016. According to the company, the breach took place in 2014 and affected over 500 million accounts. The breach was one of the largest breach ever recorded. What added a layer of darkness to the entire issue was the potential involvement of state-sponsored actors.

Will its Verizon deal get affected?
The news of the second major breach comes at a time when its $4.8 billion deal, which is scheduled to take place in 2017, with Verizon is already rolling on a slippery slope. When the first breach was reported in September this year, Verizon remained cautiously optimistic about the deal. The breach was expected to knock off a couple of million dollars off the table from Yahoo. However, with the company reporting a second breach, which is the biggest security breach ever, Verizon sell off may well be jeopardised, leaving the company in a hapless state.

Why does this keep happening to Yahoo?
The American multinational company was established by Jerry Yang and David Filo in January 1994 and was one of the pioneers of the Internet era in the 1990s. However, over the years, the company has failed to update its platform to meet the constantly changing digital security norms. Thus, allowing other organisations like to take over the market where the company once ruled. The company brought in Google’s priced possession Marrisa Mayer in 2014 in a final desperate attempt. But, even the former Google executive failed to salvage the company.

How can I protect my Yahoo account now?
Amid all the chaos and confusing, the only silver-lining that Yahoo has is that the financial data of its users hasn’t been affected. The company has revealed that the stolen user account information may include names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers. Yahoo’s investigation has revealed that the stolen information did not include passwords in clear text, payment card data, or bank account information. “Payment card data and bank account information are not stored in the system the company believes was affected,” Yahoo added in its release.

If you are a Yahoo user, it’s important to note that with the kind of massive breach that Yahoo has reported, chances are that your account information has already been compromised. So here are a few steps that you can take to deal with this mess:

– If you have a Yahoo account, change your password immediately
– If you use a similar password in any of your other accounts, change that
– Use Yahoo Account Key for adding a layer of security to your account
– Avoid clicking links or downloading attachments from users you’re not sure about
– If you have received notification from Yahoo regarding a breach in your account, delete your existing account